Retail News Breaks Archives
Target CFO testifies again on data breach
March 26th, 2014
WASHINGTON – Target Corp.’s chief financial officer is headed back to Capitol Hill to testify before a Senate committee looking into consumer protections against cyberattacks.
Wednesday’s appearance before the Commerce, Science and Transportation Committee will be John Mulligan’s first appearance in front of lawmakers since Target acknowledged it learned about suspicious activity involving the company’s computer system a month before thieves stole the personal data of tens of millions of customers.
At Mulligan’s most recent appearances before Senate and House panels, the CFO testified that Target was unaware of the breach until alerted to the attack by federal officials on December 12.
Target was later forced by media reports to admit that it had received internal information about suspicious activity in the weeks before the data was stolen but had deemed the information insufficient to warrant a follow-up.
The cybertheft occurred in late November when hackers accessed Target’s computer networks via stolen credentials of a heating and ventilation contactor. The thieves scraped payment card data over a period of about two weeks, until Target terminated their access, saying at the time that they acted after federal investigators tipped them off on the suspicious activity.
Target’s security breach could eclipse the biggest-known data theft at a retailer: TJX Cos. in 2007 disclosed a breach of customer information that compromised more than 90 million records at its T.J. Maxx, Marshalls and HomeGoods stores.
Mulligan’s appearance before the Senate Commerce, Science and Transportation Committee comes a day after the committee staff released a report critical of the company, which the report says "failed to respond to multiple automated warnings from the company’s anti-intrusion software."
Target is facing dozens of lawsuits and investigations as a result of the theft, and the retailer is overhauling its information security and compliance division as it prepares to convince courts and juries that its payment card system complied with industry standards at the time of the cybertheft.